Finding the truth – Forensics Evidence Doesn’t Lie
By Martin Quaife – It has been said that, about 50 years ago, the word went around police circles that, “Verbal’s are out. Forensics are in.” Police were told they could no longer rely on the evidence of verbal admissions to secure convictions and arguments against verbal evidence has developed to the point where a defence can often secure the dismissal of a case simply because of the absence of forensic evidence in the prosecution’s case.
Computer crimes largely fall into two categories – general crimes (such as forgery, fraud, theft, sexual and racial harassment) carried out through the use of computers and computer specific crimes (such as attacks against other systems, data theft and pornography with children etc.).
The investigator will need to capture data safely from computers, servers and/or websites, ensure its integrity by preserving it carefully, to analyse it in order to achieve the clients’ aims, and to present it in a viable form whether for the client or the court. All this has to be achieved in a timely manner, with minimum impact on clients’ normal activities and, sometimes, clandestinely as far as suspects and others may be concerned. Operatives may find unauthorised hardware leeching information from computer equipment.
The analysts may discover confidential data (such as customer details or commercial secrets) have been viewed, downloaded, transmitted, copied or deleted improperly – when and by whom. They may find bogus accounts through which funds have been skimmed from genuine clients – perhaps fractions of pennies from numerous transactions that would otherwise go unnoticed. They may also recover deleted data.
The advance of technology has both raised the level of risk we face, and has had an unprecedented impact upon the ability of criminals to ply their trade. The very same freedom we enjoy to access information and to share every aspect of our lives has inadvertently created countless opportunities for others to exploit.
But, while historically being some distance behind the cutting edge, Law Enforcement has been quick to exploit potential opportunities. This can perhaps be best seen in the realms of forensics. It is interesting to note that just as a hand can produce a fingerprint or a firearm leave residue so can digital sources, rubbing against each other to leave a ‘trace’ visible to those who know how to look.
The rise of digital forensics goes beyond mobile phones, just as a surface can be dusted for fingerprints, a hard drive can be encouraged to give up data which might have been deleted months or even years ago. This has meant that suspects who have attempted to evade justice by deleted data are unable to escape prosecution.
The power of digital forensics
In 2006, Banaz Mahmod, a 20-year-old Kurdish woman from London, was brutally murdered in an “honour killing” orchestrated by her father and uncle. Both family members have since been imprisoned for life, it is likely that the murderers were only convicted due to extensive use of digital forensic data. When faced with a ‘closed wall’ of uncommunicative parties who would not aid the case, it was mobile forensics that helped bring the killers to justice. By carefully examining phone data, Police were able to recover text and call logs as well as movement and GPS data and were able to quickly prove facts and achieve justice for Banaz Mahmoud.
Mobile telephones are now the primary data source in most scenarios; using industry leading hardware and software. At Blackstone Consultancy we are able to examine the majority of devices and extract messaging, call history, internet history and media files that could be crucial to securing the investigative outcome you would wish. This is a fast-moving discipline and we invest appropriately to ensure that our technicians are equipped with the very best tools and training.
However, the most high profile public use of digital forensics to solve an otherwise impossible case is the case of Dr Conrad Murray. Dr Murray was the personal physician of the late pop-star Michael Jackson and a deeply controversial figure. Dr Murray was heavily in debt, had fathered children with multiple different women and by the time of Jackson’s death was in danger of being struck off due to un-paid child support and Jackson died only weeks after taking Dr Murray on staff.
When Michael Jackson died, coroners found large amounts of the muscle relaxant Propofol in his blood. Though Dr Murray denied any wrongdoing, a forensic search of his computer proved otherwise. The recovered data showed that Conrad Murray had provided Propofol to Jackson at doses easily high enough to kill a man. Perhaps just as interesting was how a drug that normally only exists inside an intensive care ward found its way into Conrad Murray’s bag. Thrilling stuff indeed!
Increased usage of digital systems in vehicles can also yield a surprising amount of data to a skilled investigator. In one case a vehicle accident occurred in a parking garage located in Wyoming. A car reportedly went out of control and collided with a garage column and another vehicle. The driver of the car insisted he had been driving when his brakes had failed. Again, the digital forensics of the event told a different story.
The brakes were found to be functional (contrary to the driver’s statement) and a series of other technical details ranging from the position of the accelerator pedal which had been pushed all the way down, to the brakes (which had not been touched) thus proving that the driver was at fault.
Although the above is not as ‘juicy’ as a tale of disgraced doctors and eccentric pop-divas, it does show the staggering amount of information that can be found in even the most basic of items much of which can prove critical in an investigation.
The above examples illustrate both the scale and flexibility that digital forensics have in bringing clarity to a wide variety of legal disputes (many of which would not have been possible to solve any other way). Blackstone Consultancy is proud to be able to offer services such as vehicle analytics, cell site analysis and data examination and recovery to our clients. These tools, once only available to police forces and government agencies, can now be used to help in a variety of settings both legal and personal.